Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack


After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn’t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we’re sure is a welcome change to sysadmins.

Another eight of the 83 Microsoft CVEs are considered critical, and one of these – to quote Zero Day Initiative chief bug hunter Dustin Childs – is “fascinating.” Plus, it’s got an AI-attack component, so we’re going to start with it. CVE-2026-26144 is a critical-severity information disclosure vulnerability in Microsoft Excel.

Read more…
Source: The Register News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...